Security Solutions for Hyperconnectivity and the Internet of Things

Speaker: Dr. Maurice Dawson, SMIEEE, CSSLP, CGEIT, CCISOTitle: Security Solutions for Hyperconnectivity and the Internet of Things---xxxSWE2016xxx

Speaker's Bio

Topics Covered• SECURITY SOLUTIONS FOR

HYPERCONNECTIVITY AND THE INTERNET OF THINGS

• NATION STATE : WHY HYPERCONNECTIVITY IS AN ISSUE

• ANONYMITY - SECRECY

SECURITY SOLUTIONS FOR HYPERCONNECTIVITY AND THE INTERNET OF THINGS

Security Solutions for Hyperconnectivity and the Internet of Things

The Internet of Things describes a world in which smart technologies enable objects with a network to communicate with each other and interface with humans effortlessly. This connected world of convenience and technology does not come without its drawbacks, as interconnectivity implies hackability. Security Solutions for Hyperconnectivity and the Internet of Things offers insights from cutting-edge research about the strategies and techniques that can be implemented to protect against cyber-attacks.

NATO Systems of Systems Example

Internet of Things

IoT Example

Internet of Everything• Researchers at Cisco Systems

estimate that over 99 percent of physical devices are still unconnected and that there is a market of $14.4 trillion.

• IoE is comprised of four key things which are people, data, and things built on the process.

• The model IoE is made up of three types of connections: People to Machine (P2M), Machine to Machine (M2), and People to People (P2P).

Military vs Commerical Hyperconnectivity

Standards - Directives: DoD 8500, DoD 8570, DoD 8140, RMF, DIACAP, ISO 15408, NIST Special PublicationsAgencies: DoD, NIST, DISA, NSA, DIA, STRATCOM, MDA, SMDC, AMCOM

Mobile Devices

Vulnerabilities - Threats• Mobile phishing and

ransomware• Using an infected mobile

device to infiltrate nearby devices

• Cross-platform banking attacks & convert channels

• Social media– "Gen Y is very social and

sharing culture"

Collett, S. (2014). Five new threats to your mobile device security. Retrieved September 22, 2016, from http://www.csoonline.com/article/2157785/data-protection/five-new-threats-to-your-mobile-device-security.html

Kali Linux - Bluetooth Applications

• Bluelog: A bluetooth site survey tool. It scans the area to find as many discoverable devices in the area and then logs them to a file.

• Bluemaho: A GUI-based suite of tools for testing the security of Bluetooth devices.

• Blueranger: A simple Python script that uses i2cap pings to locate Bluetooth devices and determine their approximate distances.

• Btscanner: This GUI-based tool scans for discoverable devices within range.

• Redfang: This tool enables us to find hidden Bluetooth device.

• Spooftooph: This is a Bluetooth spoofing tool.

Kali Linux - Bluetooth Attacks• Blueprinting: The process of footprinting.• Bluesnarfing: This attack takes data from

the Bluetooth-enabled device. This can include SMS messages, calendar info, images, the phone book, and chats.

• Bluebugging: The attacker is able to take control of the target's phone. Bloover was developed as a POC tool for this purpose.

• Bluejacking: The attacker sends a "business card" (text message) that, if the user allows to be added to their contact list, enables the attacker to continue to send additional messages.

• Bluesmack: A DoS attack against Bluetooth devices.

Social Media

Social Media

Vulnerabilities - Threats• Text mining• Behavior analysis• Location analysis• Pattern analysis• Exploitation of

connections

OSS Tools• R, Rapid Miner• Open Web Analytics

(OWA)• JasperReport• BRIT• Pentaho• SpagoBI• KNIME

Research - Social Media

Terrorist - Link Analysis

OSINTPersonal Twitter accounts provide the ability to associate a specific location. This location over time can provide trends of locations visited with time/date stamps. This can be used to start developing a full analysis on Tweeting trends from particular locations, frequency of location visits, and content analysis through text mining.

OSINT - Extracting EXIF



NATION STATE : WHY HYPERCONNECTIVITY IS AN ISSUE

ANONYMITY - SECRECY

TAILS OSAfter the information released by Edward Snowden, the world realized about the security risks of high surveillance from governments to citizens or among governments,and how it can affect the freedom, democracy and/or peace. Research has been carried out for the creation of the necessary tools for the countermeasures to all this surveillance. One of the more powerful tools is the Tails system as a complement of The Onion Router (TOR). Even though there are limitations and flaws, the progress has been significant and we are moving in the right direction.

The Onion Router (TOR)• TOR project was set by the

government and developed by the Defense Advanced Research Projects Agency (DARPA) as a security measure to avoid national and international surveillance of the classified government operations (Fagoyinbo & Babatunde, 2013).

• The National Security Agency (NSA) has said that TOR is “the King of high secure, low latency Internet anonymity” (The Guardian, 2013). The TOR project received an award for projects of social benefit from the FSF (Free Software Foundation) in 2010, acknowledging it not only for the privacy and anonymity that it provides, but also for the freedom of access and expression on the Internet granted to millions of people, which has proved to be pivotal in dissident movements around the world (FSF, 2010).

• The Business Week magazine has described it as one of the most effective means to defeat surveillance around the world (Lawrence, 2014).

Cyber Defense - Cyber Intelligence

Cyber Security Workforce

IASE DISA STIGsOperating SystemsNetwork AppliancesMobile Devices

Unmanned SystemsInceptance of surveilanceChange of flight plansCorreupt VMs for GCSJam comms

Justin KolkerINFSYS 6858





Alexandra LoehrINFSYS 6858





Dr. Maurice DawsonUniversity of Missouri - St. Louis228 Express Scripts Hall, One University BlvdSt. Louis, MO 63121-4400Email: [email protected]

Technology

Security Solutions for Hyperconnectivity and the Internet of Things